842829beabd59500f9bcc572b0b3c7bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

842829beabd59500f9bcc572b0b3c7bb_JaffaCakes118
Size

338KB
MD5

842829beabd59500f9bcc572b0b3c7bb
SHA1

e760c22828108bf0398dafbae33ffab17413f4d1
SHA256

074aade813f3b41bfc1a8ce69cc2f12bb011d52c10412c233a2701a083c4c770
SHA512

484bd94034869bf577c9507d15fb4d97c7f140fdf76cbd5d3c6c81f22526ff1c9198fc833e5a96dab4e6e335f5115bd17abb0ef1b07fa84e1f7f60b0ed9057d5
SSDEEP

6144:ZUvRdGo+qRQhWTHJgMS8IeK+6/nxyH3Dtc/7P1mPqx4:yJdGjMQhWTpNIeL+QDtmTa

Score

1^/10

Malware Config

Signatures

Files

842829beabd59500f9bcc572b0b3c7bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a2ed28996112dafadf4e430222aae2a0

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b3:41:e9:6d:b4:fe:b0:4c
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

12/08/2016, 10:26

Not After

12/08/2017, 06:05

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:80:63:d2:9e:e9:f3:b8:57:ad:93:a5:b0:5e:be:e9:76:bd:34:f8
Signer

Actual PE Digest

20:80:63:d2:9e:e9:f3:b8:57:ad:93:a5:b0:5e:be:e9:76:bd:34:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapCreate
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetVersionExA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetEnvironmentVariableA
GetProfileStringA
GetACP
HeapSize
RaiseException
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetTickCount
SystemTimeToFileTime
LocalFileTimeToFileTime
GetShortPathNameA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
GetThreadLocale
GetProcessVersion
GetCurrentDirectoryA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
FormatMessageA
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
SetLastError
MulDiv
MultiByteToWideChar
GetLastError
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
lstrcpynA
GetFileAttributesA
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalAddAtomA
GetModuleFileNameA
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrcmpA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
VirtualAlloc
GetProcessHeap
HeapAlloc
GetFileSize
ReadFile
Sleep
CreateFileA
WriteFile
GetStringTypeA
CloseHandle

user32

SetCapture
InvertRect
GetDCEx
LockWindowUpdate
RegisterClipboardFormatA
PostThreadMessageA
GetDC
ReleaseDC
LoadCursorA
DestroyCursor
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
MapDialogRect
GetWindow
SetWindowContextHelpId
wsprintfA
SetFocus
ShowWindow
CharUpperA
WindowFromPoint
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
MessageBoxA
SetCursor
ShowOwnedPopups
PostMessageA
PostQuitMessage
GetNextDlgTabItem
EndDialog
UpdateWindow
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
EnableWindow
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
SendMessageA
SetMenu
LoadMenuA
GetSubMenu
ClientToScreen
KillTimer
GetTabbedTextExtentA
MoveWindow
FindWindowA
SetTimer
FillRect
CharNextA
DestroyIcon
LoadStringA
GetSysColorBrush
GetMenuStringA
InsertMenuA
GetClassNameA
GetSystemMenu
DeleteMenu
AppendMenuA
IsRectEmpty
SetParent
IsZoomed
InflateRect
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
DestroyMenu
GetDesktopWindow
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
SetRect
SetWindowPos
PtInRect
InvalidateRect

gdi32

StartDocA
SetAbortProc
CreateDCA
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
DeleteObject
CreateRectRgn
StartPage
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
SetRectRgn
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectA
GetTextExtentPoint32A
GetTextMetricsA
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
GetTextColor
GetBkColor
LPtoDP
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
BitBlt
EndPage
EndDoc
AbortDoc
GetViewportOrgEx
CreatePen
DPtoLP
Rectangle
GetStockObject
PatBlt
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
CreateBitmap

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError
PrintDlgA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegSetValueA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey

shell32

ExtractIconA
DragQueryFileA
DragFinish
SHGetFileInfoA

comctl32

ord17

oledlg

ord8

ole32

CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SysStringLen

imagehlp

MakeSureDirectoryPathExists

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2ed28996112dafadf4e430222aae2a0

Code Sign

03:01Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

b3:41:e9:6d:b4:fe:b0:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

20:80:63:d2:9e:e9:f3:b8:57:ad:93:a5:b0:5e:be:e9:76:bd:34:f8Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

imagehlp

wininet

Sections

.text Size: 232KB - Virtual size: 231KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 16KB - Virtual size: 12KB

03:01
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

b3:41:e9:6d:b4:fe:b0:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

20:80:63:d2:9e:e9:f3:b8:57:ad:93:a5:b0:5e:be:e9:76:bd:34:f8
Signer

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 16KB - Virtual size: 12KB